After getting this DSA I made an upgrade of my sarge server as usual:

    apt-get update
    apt-get upgrade

In the postinst process I chose to restart the apache2 server for the changes to take effect, but something went wrong.

    root 20343 0.0 0.0 0 0 pts/0 Z+ 08:14 0:00 [gallery.postins] <defunct>

After waiting for 4 minutes in front of "Forcing reload of web server: Apache2." I killed it with ctrl-c and ran apt-get update again. This time I chose no at the apache-restart question and it concluded successfully. A "manual" restart with "/etc/init.d/apache2 restart" worked fine.

Regards,
--
Christoph Auer <[EMAIL PROTECTED]>
GnuPG Key ID: 1082227A
Encrypted e-mail preferred.
Powered by Debian GNU/Linux

Moritz Muehlenhoff wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 1148-1                    [EMAIL PROTECTED]
> http://www.debian.org/security/                       Moritz Muehlenhoff
> August 9th, 2006                      http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : gallery
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030
> Debian Bug     : 325285
>
> Several remote vulnerabilities have been discovered in gallery, a web-based
> photo album. The Common Vulnerabilities and Exposures project identifies
> the following problems:
>
> CVE-2005-2734
>
>     A cross-site scripting vulnerability allows injection of web script
>     code through HTML or EXIF information.
>
> CVE-2006-0330
>
>     A cross-site scripting vulnerability in the user registration allows
>     injection of web script code.
>
> CVE-2006-4030
>
>     Missing input sanitising in the stats modules allows information
>     disclosure.
>
> For the stable distribution (sarge) these problems have been fixed in
> version 1.5-1sarge2.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 1.5-2.
>
> We recommend that you upgrade your gallery package.

